Zoom has received a settlement order from the United States Federal Trade Commission (FTC). The order revealed that Zoom has been lying about its security levels for years. The video conferencing service has been telling its users that it offered 265-bit end-to-end encryption since 2016, but this was a lie.
Zoom also secretly downloaded a web service onto Apple Mac users’ computers, which let Zoom bypass the Safari web browser’s security prompt that notifies users before the video conferencing app logs them into a meeting automatically. Apple later removed the feature through a software update. Supposedly, copies of users’ meetings had also been saved by Zoom on an unsecured cloud server for about 2 months, which left the users’ data and information vulnerable.
Regarding the restrictions placed on Zoom, a statement by the FTC said, “Zoom personnel will be required to review any software updates for security flaws and must ensure the updates will not hamper third-party security features. Zoom is also prohibited from making misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information; its security features; and the extent to which users can control the privacy or security of their personal information.”
“Finally, the company must obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the Commission if it experiences a data breach,” it added.
Zoom issued a statement in reply to the order, saying that the company had abided by the requirements imposed on it.
Since its user numbers grew and the backlash followed, the company has brought on Alex Stamos, the ex-Facebook security chief, to head Zoom’s security efforts, and has also introduced end-to-end encryption, not just for paid users but for all of them.